Chapter 2. The pki utility


The pki utility allows clients to access PKI services on the Certificate System server. The utility provides a number of commands and subcommands designed to perform various operations, such as user or group management, certificate management, profile management, and others.
To display all available pki commands and options, run pki without any arguments:
$ pki

usage: pki [OPTIONS..] <command> [ARGS..]
 -c <password>                    Security database password
 -d <database>                    Security database location (default:
	 			  ~/.dogtag/nssdb)
...

Subsystems:
 ca			CA management commands
 kra			KRA management commands
 ocsp			OCSP management commands
...

Commands:
 client                  Client management commands
 cert                    Certificate management commands
 group                   Group management commands
...
Some pki commands have subcommands. To display subcommands available with a particular pki command, run the command without any options. For example, to display the subcommands available with the pki client command:
$ pki client

Commands:
 client-init             Initialize client security database
 client-cert-find        Find certificates in client security database
 client-cert-import      Import certificate into client security database
...

2.1. Connection Parameters

The pki utility connects to the PKI server with the following parameters by default:
  • Protocol: http
  • Host name: localhost
  • Port: 8080
You can specify custom parameters manually by adding the following options to any of the pki commands:
  • -P specifies the protocol
  • -h specifies the host name
  • -p specifies the port
For example:
pki -P https -h server.example.com -p 8443 cert-find
You can also specify the connection parameters as a URL. To do this, provide the URL in the protocol://hostname:port format using the -U option. The subsystem is determined based on the command being executed. For example, the following command lists the certificates in the CA:
pki -U https://server.example.com:8443 cert-find
Red Hat logoGithubRedditYoutubeTwitter

Learn

Try, buy, & sell

Communities

About Red Hat Documentation

We help Red Hat users innovate and achieve their goals with our products and services with content they can trust.

Making open source more inclusive

Red Hat is committed to replacing problematic language in our code, documentation, and web properties. For more details, see the Red Hat Blog.

About Red Hat

We deliver hardened solutions that make it easier for enterprises to work across platforms and environments, from the core datacenter to the network edge.

© 2024 Red Hat, Inc.